The "Poll Microsoft Outlook on a Schedule for New Messages for Cases" workflow template is designed to streamline email case management by automatically retrieving new messages from Outlook at regular intervals. It extracts and enriches email components, such as EML files, and generates detailed Torq cases. This process includes URL defanging, QR code scanning in attachments, and SPF/DKIM verification, ensuring comprehensive email analysis and documentation. It is ideal for businesses seeking efficient email threat management and case creation.
Use Cases
Case Management
Workflow Breakdown
Polls Outlook for new messages, passing EML files to a nested workflow for content gathering.
Enrichment/linking occurs before mapping to generate a Torq case with email/nested email info.
EML inspection resolves URL hostnames, provides verdicts, and defangs URLs for the Torq case.
Image attachments are checked for QR codes; findings and observables are added as case comments.
Torq case includes EML details, HTML header notes, SPF/DKIM verdicts, and an HTML body screenshot.
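The EML inspection step above, as an added Python example (not Torq's own workflow code): it defangs URLs found in text parts and collects SPF/DKIM verdicts for a case record. It assumes the verdicts are read from the receiving server's Authentication-Results header rather than recomputed; the sample message and all function names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+", re.IGNORECASE)
AUTH_RE = re.compile(r"\b(spf|dkim)\s*=\s*([a-z]+)", re.IGNORECASE)

# Constructed sample message (not taken from the page).
SAMPLE_EML = (
    b"From: billing@example.com\r\n"
    b"To: analyst@example.org\r\n"
    b"Subject: Invoice overdue\r\n"
    b"Authentication-Results: mx.example.org; spf=softfail"
    b" smtp.mailfrom=example.com; dkim=fail header.d=example.com\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Pay now at http://pay.example.net/login?id=7.\r\n"
)

def defang(url):
    """Rewrite a URL so it cannot be clicked or auto-linked in a case note."""
    scheme, rest = url.split("://", 1)
    host, sep, tail = rest.partition("/")
    scheme = scheme.lower().replace("http", "hxxp")
    return f"{scheme}[://]{host.replace('.', '[.]')}{sep}{tail}"

def inspect_eml(raw):
    """Return defanged URLs, hostnames and SPF/DKIM verdicts for one EML."""
    msg = message_from_bytes(raw, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        for url in URL_RE.findall(part.get_content()):
            url = url.rstrip(".,;")  # drop trailing sentence punctuation
            if url not in urls:
                urls.append(url)
    # The topmost Authentication-Results header is the most recently added,
    # so the first verdict seen for each method wins.
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(str(header)):
            verdicts.setdefault(method.lower(), result.lower())
    return {
        "subject": str(msg["Subject"]),
        "hosts": [urlsplit(u).hostname for u in urls],
        "urls": [defang(u) for u in urls],
        "spf": verdicts.get("spf", "none"),
        "dkim": verdicts.get("dkim", "none"),
    }
```

Authentication-Results headers should only be trusted when they were added by your own receiving mail server, since a sender can include forged ones lower in the header stack.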
Vendors
Scripting, Utils, Microsoft Outlook, Microsoft 365, Torq, Torq Cases, Data Transformation